How to Reduce Mobile Payment Fraud by Optimizing your Checkout

Bolt Team October 7

Representation of data behind a person's online profile

As online shopping grows in popularity, more of it has shifted to mobile. With this comes increased risk and fraud attempts on mobile devices. When optimizing your ecommerce platform and payment gateway for mobile, it’s important to consider mobile payment fraud and establish tools and systems that detect and prevent fraud on mobile.

Tackling mobile fraud means first understanding what it is and how it impacts your ecommerce platform. As an ecommerce retailer, you can regain potentially lost revenue from falsely rejected legitimate payments. This article will cover the following to help you improve mobile fraud security:

Before we dive into strategies for reducing mobile payment fraud, let’s look at what mobile fraud is, who is a likely target, and the main types of mobile fraud.

What is mobile fraud and who is susceptible?

Mobile fraud is when fraud occurs on mobile technology devices, platforms, and software. Mobile fraud can take many forms, but fraud detection, protection, and prevention can be achieved through rules and signals that help identify mobile fraud and stop it in its tracks.

Mobile fraud is distinct from phone or telecommunications fraud, which involves intentionally using telecommunications products or services to illegally acquire money or gain services without paying. Mobile fraud involves fraud performed on mobile devices and mobile applications.

With modern technology and the proliferation of mobile ecommerce, everyone is susceptible to mobile fraud to some degree. As a customer, you should do all you can to protect yourself. As a payment provider, you should provide customers a secure, safe method of payment.

To do that better, let’s look at the main types of mobile fraud and how it commonly occurs.

9 types of mobile fraud

Mobile fraud takes a number of different forms. To properly protect against fraud, it’s important to understand the types of fraud that occur on your platform and the metrics to track to improve conversions. The more you know, the better you can tailor your defense.

Here are 9 of the main types of fraud, so you can isolate each and work towards addressing them for your users:

1. Account takeovers

HTML code with lock symbol protecting

An account takeover is when a fraudster gains access to a customer’s legitimate account for malicious use. This can occur either through a data breach that reveals customer information, poor authentication solutions, or physical mobile device theft. In some cases, fraudsters create fake websites, emails, and apps to collect user information for other accounts.

How to reduce impact: Account takeovers can be prevented by employing a strong, specific password for each user account. Two-factor and multi-factor authentication also add a layer of mobile fraud protection to help secure your account.

2. Call center fraud

When customers call in to access their account, they are asked personal questions to verify their identity (such as date of birth, driver’s license, and social security number). If a malicious person gains access to this information, they can provide it to customer support to gain access to your account.

How to reduce impact: While much of the responsibility rests on the call center to provide adequate security, there are a few things you can do to reduce the risk of call center fraud. When offered, opt-in to added security validation processes such as a PIN or multi-factor authentication.

3. Provider data breaches

Data breaches of major companies, telecommunications providers, and anywhere else your information is stored can open your account up to risk of fraud. While security is in the hands of these companies, you only have so much control over data breaches, but can be negatively impacted if one occurs.

How to reduce impact: There is nothing you can do to prevent a security breach of this nature, but you can do some things to mitigate the impact it has on you if it does occur. Choose to use different passwords, PINs, and security questions for different accounts. This way, when someone gains access to one account, they can’t access your other accounts.

4. Subscription fraud

Fraudsters open a mobile phone subscription under the victim’s name. This allows them to transfer (or “port”) the victim’s phone number to a new phone, at which point they can receive messages, even intercepting alerts about password changes and access. From this point, the fraudsters control your account and subscriptions. In many cases, they then use the newly established phone account to purchase and subscribe to other services under your name.

Due to the level of control these fraudsters can gain from this type of fraud, it can cause serious problems for the victim.

How to reduce impact: In most cases, this fraud is not identified until law enforcement is involved, since the fraud is hard to detect. To prevent mobile porting fraud, set up a PIN, 2-factor authentication, or another port validation feature. You can find a list of solutions based on your carrier here.

5. Stolen devices

With the amount of data and number of apps we have on or connected to our phones, having physical access to your mobile device gives a fraudster access to much of your personal information. With automatic sign-in enabled and little security, your mobile device is a treasure trove of personal information and account access to a fraudster.

Modern attempts also involve mobile malware, in which fraudsters can get access to your personal information or accounts without actually stealing the physical device, but by being in proximity.

How to reduce impact: While it’s difficult to stop physical device theft, there are a number of security features you can put in place to secure your personal information and accounts in the event your phone is stolen. Add a strong PIN, gesture, or pattern when choosing an access key. When possible, add multi-factor authentication and biometrics so others can’t gain access after stealing your phone.

6. Phishing

Thief using fishing rod to hook a computer from an online shopper

Phishing scams have become more popular as we move our transactions, banking, financial, and other personal information online. Fraudsters are quite literally ‘fishing’ for your personal information, sending out emails that appear to be from authentic companies such as credit card providers and banks. They fake the authentic site and attempt to gain customer credentials, which they then use to access accounts.

How to reduce impact: Never give out personal information over email, text, or any other unencrypted medium. Authentic companies will never ask for personal information over a non-secure channel, and you should never send financial, banking, or other personal information across an insecure form of communication.

Watch for the URL on the email address to determine if it’s from the actual source. Insist on communicating personal identifying information through an encrypted file-sharing system such as Dropbox, and never in plain-text.

7. Friendly fraud chargebacks

Friendly fraud chargebacks are when a customer makes a purchase and then requests a reversal of the charge from their credit card company. While many of these claims are legitimate, these claims can be falsely made to get products or services for free. The chargeback system, while meant to help protect customers from fraudulent behavior, can unfortunately be exploited in ways that leave retailers liable for the loss.

How to reduce impact: Utilizing a payment processor that has an integrated chargeback management software will reduce the likelihood of friendly fraud chargebacks occurring, since it will stop these attempts before they happen.

8. Prepaid cards and false offers

Malicious actors will call individuals, offering them a discount on an existing service in exchange for a prepaid gift card. Once sent, the fraudster keeps your money and the prepaid gift card. With no way to trace the prepaid gift card, there is no way to find the perpetrator or to get your money back.

How to reduce impact: In general, avoid any type of suspicious transaction. If you find yourself asking “how do they benefit from this,” and you can’t find a simple answer, then it’s likely malicious. As a general rule, avoid discounts in exchange for prepaid gift cards, and distrust any organization that asks to be paid in prepaid debit cards as well.

9. Premium SMS

Premium SMS messages allow content providers to charge for content that is distributed to customers’ phones. In these cases, fraudsters sign up for premium SMS messaging content, with the charges going to the account of the person they defrauded.

How to reduce impact: The best way to ensure you never get charged for this is to change device settings, toggling the premium SMS messages off so they can’t be received or sent.

6 ways to reduce mobile payment fraud

Providing a great ecommerce payment experience involves perfecting ecommerce mobile UI, providing a secure payment gateway, and creating peace of mind for the shopper. Reducing mobile payment fraud means focusing on customer safety and integrating fraud systems with your online store.

Here are a number of ways to reduce mobile payment fraud on your ecommerce store. Integrate them into your strategies to eliminate fraud on your platform.

1. Establish a secure Wi-Fi network

While customers can access mobile payments through their safe, private home network, their mobile network using cellular data, or a free network like the Wi-Fi in a coffee shop, it’s important to ensure that your network is secure. Always ensure that you protect your Wi-Fi network with basic security to stop hacking at the source.

There are a few basic practices to ensure your Wi-Fi network is secure to protect your team, employees, business, and customers. Follow these 3 standard security practices to keep the network safe.

  • Use a unique password: Many routers will have a preset password. It’s important to update this to your own, unique, secure password rather than leaving the default. Open router settings in your web browser to update the password.
  • Change the SSID name on the device: Much like a default password, your router will have a default name (ie. Linksys), which is the Service Set Identifier (SSID). Default device names are a sign to hackers of weak network protection and a lack of sophistication. Be sure to update your device name so malicious actors are deterred from hacking. This also ensures your employees use the right network and don’t expose you to fraud.
  • Encrypt your network with security: While changing settings for your router, you should make sure you encrypt your network to provide a base level of security. If possible, set up WPA2 (Wi-Fi Protected Access version 2) to secure your service for customers. On older device types, make sure WEP and WPA are enabled.

2. Biometric identification

Biometric scan of fingerprint

Newer mobile devices have biometric identification, enabling users to unlock and secure their phone using their fingerprint, facial recognition, voice identification, and more. These systems add a further level of mobile payment security, as they are impossible to replicate or guess, unlike a password or PIN.

Enabling biometric identification on your mobile payment platform will give customers an added level of protection, as well as keep your payment platform more secure and less susceptible to fraud.

3. Two or multi-factor authentication

A two-factor (or multi-factor) authentication process that uses an email or phone call to identify the customer. These added steps may sometimes slow the customer down, but is a small price to pay to ensure that your mobile presence is secure.

Purchase a 2FA program or service and integrate this with your payment gateway, forcing customers to authenticate their identity before proceeding. You can also build this out yourself with your developer.

4. Detect mobile browsers and prevent unprotected browsers

To prevent fraud via insecure browsers, add a plugin or extension that will detect the browser your mobile customers are using, automatically preventing transactions from unprotected browsers.

This way, when customers attempt to make purchases through a browser that lacks adequate security features, the payment will be halted, reducing the risk of fraud. Redirect them to a new browser or a secured app instead. Customers looking to make a legitimate purchase should be willing to do this.

5. Follow PCI DSS security standards

The Payment Card Industry Data Security Standard (PCI DSS) lays out best practices for safeguarding credit card information and data when processing payments and storing billing information online.

Follow PCI DSS guidelines to not only ensure you can challenge chargebacks with credit card providers, but also to protect your customers during the mobile checkout process. One of the main aspects of this is requiring a CVV code for mobile transactions. Do not approve any credit card transactions without getting a CVV from the customer.

6. Identify trends and patterns with AI and machine learning

Graphic of brain split as half-human and half-computer

Consider integrating AI and machine learning into your fraud protection system, allowing it to improve its accuracy at detecting and preventing fraud.

Use a combination of analytics, AI, and machine learning to identify and track trends and patterns. These will help you root out fraud, but also help you prevent and protect against it properly. This combination of review and reflection with real-time alerts can help you eliminate the vast majority of mobile fraud.

Detecting and preventing mobile fraud involves predicting fraudulent behavior before it happens. Your best practices will help guide this process, helping you get better at managing fraud on your platform.

To get ahead of the curve, consider these mobile fraud trends that are predicted to be the biggest problems facing ecommerce stores in the near future.

  • Data breaches: With five recent data breaches involving major companies, this trend is growing. Customers are more cautious about who they trust with personal and financial information. Be sure to establish a secure network and platform to resist against data breaches.
  • Malware attacks: Open Wi-Fi networks, smishing (phishing using SMS messaging), and more all lead to increased rates of malware attacks, as hackers see opportunities surrounding weak security.
  • Malicious apps: As customers opt to use apps rather than a mobile website, more fraudsters attempt to create malicious apps. These apps appear to be legitimate, drawing in users who sign up and input personal information.

More than 50% of online shopping is currently being done on mobile devices, with the trend growing. Take the lessons here and apply them to your payment processing gateway, ensuring that users buying on their mobile have the security and safety they need.

Bolt is built with mobile payment fraud in mind, with a smooth, seamless checkout across all device types, designed and optimized to reduce checkout abandonment. They stand by their service, offering a 100% chargeback coverage guarantee for your ecommerce platform.

Want to see a 5-minute demo?